<%
if (! Session("user")){
    Response.Redirect("login.asp");
    Response.Write("<script type=\"text/javascript\">window.location.href = \"login.asp\"</script>");
}
%>